Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.

However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.

So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.

I like the black van part. lol

I also limited my ip address range to the two devices in the network.

range 192.168.1.64 (being PS3)- 192.168.1.65 (being my PC). Some people might rip on this suggestion, but in my case, with use on LAN limited to pretty much myself, it works well for me, no probs. I will be adding X-Box 360 soon, and just have to allow one more ip allocation ie. 192.168.1.64 to 192.168.1.66

I have dhcp enabled, but have port forwarding setup for a sharing program on the PC and ports forwarded for voice chat and various PS3 required functions, with no worries of ip wandering, AS LONG as I turn the devices on in the proper order, but seeing my PC stays on nearly 24/7 it never loses it's assigned ip and the PS3 automatically takes the only other one available. It has been a few months now and I have not had to mess with my router, or other setting due to ip's not matching, and ports getting screwed up.

This is in a wired setup, but this might be another way to tighten up your security on the wifi as well. If you have many people logging in and out, and need a wider ip range to allow more ip's to be dished out, this might not be for you.

Just a thought, something that is working for me.

Tell me to butt out if I missed the mark here.....lol

No. I'm open to all ideas, but I will have to consider if I can apply them to my situation. I don't have anything that needs to access the network, except two computers, and the router is set to identify them via their MACs. I think that would be equal to their IPs. However, in my first configuration attempt, I did enable DHCP, and it lists IP and MAC for both computers. Perhaps I should disable DHCP...I'm not sure.

My theory on this is that they can spoof this or that, but if only 2 device ip's are available for assignment, and as usual my devices are nearly always on, there's nowhere for an intruder to go, just another roadblock. The can only assign one of the two ip's and seeing they are already taken...dead end. It may not suit your style setup, but just something I kind of tried after doing various experiments with media servers and port forwarding, etc. etc.

It is working for me now but you know how sometimes things can change quickly.....

EDIT: I also just thought, you can also limit the broadcast power of your router, in theory, shrinking the radius of your signal. Apartments, this works to a little effect, but in a home on decent sized land you'd maybe see the benefit more, people would have to park under your front window to get a strong signal. Most wireless routers have some kind of power adjustment.

Watch out for camouflaged painted Accords in the bushes!!!!!!!!!!!!!!!!!!!!!!!

seekermeister, as said earlier... there is no "absolute" security in computer network. Well... there is, disconnect the computer, then turn it off... Anyways...

If you are paranoid about your wifi network connection, I have several suggestions:

1. Don't use DHCP, disable it, use manual static IP addressing. Use weird IP addresses, there's a lot of private IP subnets that you can use that doesn't start with 192, or 10, or 172... And use classless subnet mask (anything other than 8/16/24 bits).
2. Use obscure wifi standards, preferably 802.11a, though slow, it will most of the time "save" you. The analogy is this, if the thief can't see the house, he can't break into it... If you need speed, then all you can do is use g/n plus WPA2 encryption (preferably AES). Stay away from MAC address access control, if the "hacker" knows how to break into your wifi AP, spoofing a MAC address is child play.
3. If you're comfy, use pre-shared key. This is the "key" so that you can login to your wifi AP. If you're paranoid, use 32 random characters or more as a key, don't forget to use special characters (like *,(,),-,_,+,=, etc). If you're don't feel comfy with it, use RADIUS server to store the key(s) (but you'd need somewhat better access point for this kind of security). By using RADIUS, you can make many keys, and rotate those keys (this depends on the RADIUS server).
4. If you're REALLY paranoid, then put your wifi network on the outside of your LAN, then use router to connect the two, then put a traffic filter between the two. By this I mean once you're connected, you can't just put IP address then all is well, you need to configure gateway(s), custom DNS servers, etc. Much harder to break into.
5. If you are BEYOND PARANOID, put the wifi network outside LAN, and isolate it, put a VPN server in there. So if you want to connect to your LAN, you need to authenticate at least twice (first will be the wifi connection, then set static IP address, then authenticate to the VPN server) and put traffic filtering plus SNORT server, make it to automatically shutdown the network interface if it detects ANY SUSPICIOUS activity. If you're beyond all this, stack the VPN server configuration as I mentioned earlier several layers... that ought to drive the hacker away simply because it's too tedious to break into...

There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL

It appears that Back Track is simply a distro of Linux, which may be quite good...I don't know. However, my concern is WIFI security in general, regardless of the OS being used. So this is something that I will bookmark for future use, but it doesn't seem to fit what I'm looking for now.

Be worried of programs such as Back-Track as it can be used to gather most passwords used by wifi... It's been one that I have tested and is and can get through many wpa passwords... There is ways you can protect yourself and I suggested a few and posted their site to help you protect yourself the best that you can... GL

seekermeister, as said earlier... there is no "absolute" security in computer network. Well... there is, disconnect the computer, then turn it off... Anyways...

If you are paranoid about your wifi network connection, I have several suggestions:

1. Don't use DHCP, disable it, use manual static IP addressing. Use weird IP addresses, there's a lot of private IP subnets that you can use that doesn't start with 192, or 10, or 172... And use classless subnet mask (anything other than 8/16/24 bits).
2. Use obscure wifi standards, preferably 802.11a, though slow, it will most of the time "save" you. The analogy is this, if the thief can't see the house, he can't break into it... If you need speed, then all you can do is use g/n plus WPA2 encryption (preferably AES). Stay away from MAC address access control, if the "hacker" knows how to break into your wifi AP, spoofing a MAC address is child play.
3. If you're comfy, use pre-shared key. This is the "key" so that you can login to your wifi AP. If you're paranoid, use 32 random characters or more as a key, don't forget to use special characters (like *,(,),-,_,+,=, etc). If you're don't feel comfy with it, use RADIUS server to store the key(s) (but you'd need somewhat better access point for this kind of security). By using RADIUS, you can make many keys, and rotate those keys (this depends on the RADIUS server).
4. If you're REALLY paranoid, then put your wifi network on the outside of your LAN, then use router to connect the two, then put a traffic filter between the two. By this I mean once you're connected, you can't just put IP address then all is well, you need to configure gateway(s), custom DNS servers, etc. Much harder to break into.
5. If you are BEYOND PARANOID, put the wifi network outside LAN, and isolate it, put a VPN server in there. So if you want to connect to your LAN, you need to authenticate at least twice (first will be the wifi connection, then set static IP address, then authenticate to the VPN server) and put traffic filtering plus SNORT server, make it to automatically shutdown the network interface if it detects ANY SUSPICIOUS activity. If you're beyond all this, stack the VPN server configuration as I mentioned earlier several layers... that ought to drive the hacker away simply because it's too tedious to break into...

zzz2496

I sort of fit into item 5, but I have to balance that with what I think that I'm capable of managing. I'll start at item 1 and progress as I can.

There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL

It appears that Back Track is simply a distro of Linux, which may be quite good...I don't know. However, my concern is WIFI security in general, regardless of the OS being used. So this is something that I will bookmark for future use, but it doesn't seem to fit what I'm looking for now.

Be worried of programs such as Back-Track as it can be used to gather most passwords used by wifi... It's been one that I have tested and is and can get through many wpa passwords... There is ways you can protect yourself and I suggested a few and posted their site to help you protect yourself the best that you can... GL

Ahh, originally I thought that you linked to it as something to use, rather than something guard against. I will look it over again with that in mind.

That looks like a good one, but it appears to not have WIFI. Doesn't make any difference though, because my router is barely out of the box, and the adapter for the remote computer is still on it's way. So far, I'm happy with it.

If you read carefully, each of RB-450G's port is an independent interface, meaning you can assign an IP address to EACH and route between interfaces. Plus I haven't seen ANY consumer grade router that has at least one fourth what Mikrotik's software can do... (by the way, fire up virtualbox or Virtual PC, download Mikrotik RouterOS for x86, and try it ro find out).

zzz2496

edit: forgot to add, there are other routerboards that has mini pci slots, so you can add a wifi card in the router if need be, some come with one slot, others have more than one...

I sort of fit into item 5, but I have to balance that with what I think that I'm capable of managing. I'll start at item 1 and progress as I can.

Quote:

Disable DHCP

Switching DHCP off and using static IP addressing is no defense against hacking. Anyone snooping the network can usually figure out the pattern that has been used to assign the IP addresses in question and then make a specific request accordingly.

WIFI Security

Need help setting up home wifi security.So I finally decided to try and set up some security for our home wifi and I dont have the confidence to prod away at it without the risk of ending up doing something really bad...
What Im looking to do:
. Set up home wifi for 3 person use
. Admin(me) not around to give out wifi access all...

Network & Sharing

Taskbar turned white and wifi unable to detect wifi'Hello, this is my first post here, so I am sorry if anything is confusing.
The reason why I signed up in this forum is s I can seek help fron those that might know more about computer than me, in order to solve my problem
A few days ago, my laptop was working perfectly fine. But then, I...

Network & Sharing

Wifi over Powerline - security - e.g. Devolo dLAN 500 Mbps WiFiI am considering using a powerline system to give me additional wifi cover, but I am unclear how the available wifi connection is protected. They make a great deal of encrypting the traffic over the power circuit, but no mention is made of protecting the wifi connection. Surely, the risk with...

Network & Sharing

Ralink RT61 WiFi Lan card, windows 7 not receiving any wifi signalsHello,
I have recently bought a new pci wifi lan card (Ralink rt61 turbo) and have plugged in and installed drivers. Initially the drivers the company I bought it from told me to install didn't work, but after some googling found the correct drivers and downloaded from Ralinks website. However...

Hardware & Devices

Connecting 3 (or 2) PCs via WiFi + security questionHi. I live in an apartment here in Bangkok and have my own wireless router, provided by the apartment block. The management have changed things recently though and I have a few questions - some probably a bit basic: wifi and networking is not one of the areas of IT in which I have much know-how......